Hi,

Some months ago, a reflective shim was added in
https://issues.apache.org/jira/browse/KAFKA-17078, in order to support
running Kafka with SASL on JDKs that no longer support the security
manager.

This shim was added only to Kafka 4.0, but backporting was discussed in
https://lists.apache.org/thread/vl43q9wqq4xs67xx61f0t0850y2b037o. There was
no clear consensus for or against backporting, but it ended up not
happening. At the time, users could work around the issue by enabling the
Security Manager again via a command-line flag.

Java 24, which is planned to release tomorrow, no longer has this
workaround available.

This leaves users running Java 23 (I am one) in a slightly uncomfortable
spot.

If Kafka releases 4.0 in the next month, we can rush to upgrade to that,
and hope that the first release has no regressions.

Otherwise, we will need to downgrade back to Java 21, since staying on 23
isn't a good idea past Oracle's quarterly security update in April (see
https://www.oracle.com/security-alerts/), which will include patches that
won't be released for Java 23.

Would there be strong objections to attempting a backport of this shim to a
3.9.x release?
